global/security: don't generate RSA host keys

2024-03-20 17:14:18 -04:00 · 2024-03-20 17:14:18 -04:00 · e5eee00ec1
commit e5eee00ec1
parent 8a7b71bcb7
1 changed files with 2 additions and 12 deletions
--- a/modules/global/security.nix
+++ b/modules/global/security.nix
@ -39,20 +39,10 @@ with lib;
    enable = true;
    openFirewall = mkDefault true;
    settings.X11Forwarding = mkDefault false;
-    hostKeys = mkDefault [
-      {
-        bits = 4096;
-        openSSHFormat = true;
-        path = "/etc/ssh/ssh_host_rsa_key";
-        rounds = 100;
-        type = "rsa";
-      }
-      {
+    hostKeys = mkDefault [{
        path = "/etc/ssh/ssh_host_ed25519_key";
-        rounds = 100;
        type = "ed25519";
-      }
-    ];
+    }];
  };

  services.nginx = {